This tutorial demonstrates how to add custom action permissions to your component, down to the object level. Normally we are familiar with ACL at the global configuration level, category level and component level. Now we will learn how to add action permission control in our component.

ACL Architecture Overview

Action permissions for a component in Joomla! 2.5 can be defined at up to 3 levels:

Global Configuration: determines the default permissions for each action and group.

Component Options->Permissions: can override the default permissions for our component.

Record Options->Permissions: this is what we discuss in this tutorial.

The other level that you will see is Category, which can override the default permissions for objects assigned to a category. We can use this if we use categories in our component. I separate this one from the others as its parent is Global Configuration.

Using JTable To Handle Action Control Saving and Loading

The JTable class has some built-in support for ACL. To use it, you have to add one integer field named 'asset_id' to your table. This field will be used to perform action control for your object. Do not confuse it with the 'access' field, which is only for access permission (the read side), as Joomla! separates other actions from read access.

Normally, we have to override the __construct() method in our descendant class. We may also override the check() method to validate our data before saving it to the database. For ACL action support we have to override these methods:
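One way to write such a JTable descendant, added here as an example and not the author's original code: the class name, the table name #__asterman_units and the title column 'name' are assumptions, while the asset name follows the com_asterman.unit.<id> pattern used by getForm() later on this page. It overrides the three asset hooks and bind(), and only accepts posted rules from users who hold core.admin on the component.

```php
<?php
defined('_JEXEC') or die;

jimport('joomla.database.table');

// Added example; class, table and column names are assumptions.
class AstermanTableUnit extends JTable
{
    public function __construct(&$db)
    {
        // Hypothetical table; it must contain an integer asset_id column.
        parent::__construct('#__asterman_units', 'unit_id', $db);
    }

    // Must match the name passed to JUser::authorise(): com_asterman.unit.<id>
    protected function _getAssetName()
    {
        return 'com_asterman.unit.' . (int) $this->unit_id;
    }

    // Label stored for this record in the #__assets table.
    protected function _getAssetTitle()
    {
        return $this->name; // assumed title column
    }

    // Parent is the component asset, so unset record rules inherit from it.
    protected function _getAssetParentId($table = null, $id = null)
    {
        $asset = JTable::getInstance('Asset');
        if ($asset->loadByName('com_asterman')) {
            return (int) $asset->id;
        }
        return parent::_getAssetParentId($table, $id);
    }

    // Turn the posted 'rules' array into the record's rule set.
    public function bind($array, $ignore = '')
    {
        if (isset($array['rules']) && is_array($array['rules'])) {
            // Choice made for this example: only users allowed to administer
            // the component may change per-record rules.
            if (JFactory::getUser()->authorise('core.admin', 'com_asterman')) {
                $this->setRules($array['rules']);
            }
        }
        return parent::bind($array, $ignore);
    }
}
```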

Add Rules Field to Your Form

Next, we have to add two fields to our form so that the view has an input for the action control settings. The first one is 'asset_id' and its type is hidden. This is the same name as the one we used in our table. The second one is 'rules' and its type is rules. We have to use this name because it will be processed by the JTable descendant class. Please see the JTable class for more detail.

You will see that I have also created a new action for my component. The "asterman.edit.basic" action controls whether the user has the right to edit some parts of the record or not.

Put Action Control In Action

Using action control in your code is easier than you think: we use a JUser method to do this. The method is authorise(), which requires two parameters: the first is the action and the second is the asset name. Unlike our global component access control, here we refer to the asset name per record; please see the JTable descendant class above.

JFactory::getUser()->authorise($action,$assetName);

This is an example of a JModelAdmin descendant class that uses this method.

    public function getForm($data = array(), $loadData = true)
    {
        // Get the form.
        $form = $this->loadForm(
            'com_asterman.extension', // form name
            'extension',              // XML file name
            array('control' => 'jform', 'load_data' => $loadData)
        );
        if (empty($form)) {
            return false;
        }

        if ($this->getState('suffix') == '14') {
            // These fields do not exist in Asterisk version 1.4.
            $form->setFieldAttribute('call-limit', 'disabled', 'true');
            $form->setFieldAttribute('call-limit', 'filter', 'unset');
        }

        $user = JFactory::getUser();

        // Default to "not allowed" so both flags are always defined,
        // including for a new record that has no unit asset yet.
        $canEditBasic = false;
        $canEditState = false;

        if (!empty($data['unit_id'])) {
            // Existing record: check the per-record asset.
            $assetName    = $this->option . '.unit.' . $data['unit_id'];
            $canEdit      = $user->authorise('core.edit', $assetName);
            $canEditBasic = $user->authorise('asterman.edit.basic', $assetName);
            $canEditState = $user->authorise('core.edit.state', $assetName);
        } else {
            // New record: check the component-level create permission.
            $canEdit = $user->authorise('core.create', $this->option);
        }

        if (!$canEdit) {
            $form->setFieldAttribute('unit_id', 'disabled', 'true');
            $form->setFieldAttribute('unit_id', 'filter', 'unset');

            if (!$canEditBasic) {
                $form->setFieldAttribute('callerid', 'disabled', 'true');
                $form->setFieldAttribute('secret', 'disabled', 'true');
                $form->setFieldAttribute('allow', 'disabled', 'true');
                $form->setFieldAttribute('callgroup', 'disabled', 'true');
                $form->setFieldAttribute('pickupgroup', 'disabled', 'true');
                $form->setFieldAttribute('call-limit', 'disabled', 'true');
                $form->setFieldAttribute('callerid', 'filter', 'unset');
                $form->setFieldAttribute('secret', 'filter', 'unset');
                $form->setFieldAttribute('allow', 'filter', 'unset');
                $form->setFieldAttribute('callgroup', 'filter', 'unset');
                $form->setFieldAttribute('pickupgroup', 'filter', 'unset');
                $form->setFieldAttribute('call-limit', 'filter', 'unset');
            }

            // Modify the form based on access controls.
            if (!$canEditState) {
                // Disable fields for display.
                $form->setFieldAttribute('host', 'disabled', 'true');
                $form->setFieldAttribute('context', 'disabled', 'true');
                // Disable fields while saving.
                // The controller has already verified this is a record you can edit.
                $form->setFieldAttribute('host', 'filter', 'unset');
                $form->setFieldAttribute('context', 'filter', 'unset');
            }
        }

        return $form;
    }

And this is the output of the action permission settings on the unit object of my component.